init: avoid ERROR log due to missing SEPolicy.zip
One of the first ERROR messages in logcat of a normal boot of Cuttlefish
is from failure to open SEPolicy.zip. This condition is expected.
Therefore don't try to load SEPolicy.zip when it doesn't exist. This
replaces the following log messages:
0 0 I init : Error: Apex SEPolicy failed signature check
0 0 I init : Loading APEX Sepolicy from /system/etc/selinux/apex/SEPolicy.zip
0 0 E init : Failed to open package /system/etc/selinux/apex/SEPolicy.zip: No such file or directory
... with just:
0 0 I init : No APEX Sepolicy found
Change-Id: If3a77407c35130165df5782b9ef91912e8374dbf
diff --git a/init/selinux.cpp b/init/selinux.cpp
index b6d483a..51093d8 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -667,10 +667,16 @@
//
void PrepareApexSepolicy() {
// If apex sepolicy zip exists in /metadata/sepolicy, use that, otherwise use version on
- // /system.
- auto dir = (access((kSepolicyApexMetadataDir + kSepolicyZip).c_str(), F_OK) == 0)
- ? kSepolicyApexMetadataDir
- : kSepolicyApexSystemDir;
+ // /system. If neither exists, do nothing.
+ std::string dir;
+ if (access((kSepolicyApexMetadataDir + kSepolicyZip).c_str(), F_OK) == 0) {
+ dir = kSepolicyApexMetadataDir;
+ } else if (access((kSepolicyApexSystemDir + kSepolicyZip).c_str(), F_OK) == 0) {
+ dir = kSepolicyApexSystemDir;
+ } else {
+ LOG(INFO) << "APEX Sepolicy not found";
+ return;
+ }
auto sepolicyVerify = SepolicyVerify(dir);
if (!sepolicyVerify.ok()) {